Mr.  Chairman  and  Members  of  the  Subcommittees:


We  are  pleased  to  be  here  today  to  provide  our  observations  on  the  Department  of 
Energy’s  (DOE)  and  the  National  Nuclear  Security  Administration’s  (NNSA)  security 
programs  to  protect  against  theft,  sabotage,  espionage,  terrorism,  and  other  risks  to 
national  security  at  its  facilities.  As  you  know,  the  Congress  established  NNSA  on  March 
1,  2000,  as  a  semi-autonomous  agency  within  DOE  with  responsibility  for  the  nation’s 
nuclear  weapons,  nuclear  nonproliferation  activities,  and  naval  reactors  programs. 

NNSA  was  established  to  correct  long-standing  management  and  security  problems  at 
DOE’s  nuclear  facilities.  Our  testimony  today  focuses  on  (1)  oversight  of  safeguards  and 
security  programs  at  DOE  and  (2)  security  issues  with  NNSA.  Our  testimony  is  based  on 
our  numerous  reviews  of  security  at  DOE--in  particular,  our  recently  issued  report  to  the
full  Committee  entitled  “Improvements  Needed  in  DOE’s  Safeguards  and  Security
Oversight”--and  testimony  presented  earlier  this  month  before  the  House  Armed  Services
Special  Oversight  Panel  on  Department  of  Energy  Reorganization.1

In  summary,  Mr.  Chairman,  sound  management  and  independent  oversight  of  security  at 
DOE’s  nuclear  facilities  is  critical  to  ensure  that  security  problems  are  identified,  raised 
to  the  attention  of  the  highest  levels  in  DOE,  and  corrected.  DOE  has  recently  made  a 
number  of  improvements  to  its  security  oversight.  However,  our  February  report  to  the 
Committee  discussed  several  areas  where  security  oversight  could  be  further 
strengthened.  In  particular, 

•  DOE  needs  a  comprehensive  tracking  system  for  safeguards  and  security  findings 
at  its  nuclear  facilities, 

•  all  security  findings  and/or  problems  identified  need  to  be  fully  analyzed  and 
appropriately  closed,  and 

•  safeguards  and  security  ratings  should  be  consistent  among  the  various  security
organizations  within  DOE.

1See  Nuclear  Security:  Improvements  Needed  in  DOE’s  Safeguards  and  Security  Oversight,
(GAO/RCED-00-62,  Feb.  24,  2000)  and  Department  of  Energy:  Views  on  DOE’s  Plan  to  Establish  the
National  Nuclear  Security  Administration,  (GAO/T-RCED-00-113,  Mar.  2,  2000).

In  addition,  as  security  responsibilities  shift,  it  is  not  clear  how  DOE’s  oversight  at 
nuclear  facilities  will  relate  to  the  newly  created  NNSA.  Specifically, 

•  while  NNSA  was  to  be  distinct  from  DOE,  the  security  office  within  NNSA  may 
have  duplicative  and  overlapping  functions  with  DOE’s  security  office,  and 

•  significant  questions  remain  about  how  the  DOE  security  oversight  organization 
will  oversee  NNSA  operations. 

We  recognize  that  NNSA’s  creation,  as  outlined  by  DOE’s  Implementation  Plan  for 
NNSA,  is  an  evolving  process.  However,  we  believe  the  best  time  to  address  past 
problems  is  when  the  organization  and  systems  are  being  laid  out  for  the  first  time, 
before  commitments  to  old  ways  harden.  Timely  implementation  of  our  prior 
recommendations  for  improving  security  at  DOE  and  clarifying  the  role  of  DOE  security 
organizations,  such  as  NNSA,  will  be  important.  Changing  the  culture  may  be  more 
difficult.  NNSA  will,  at  least  initially,  be  made  up  of  DOE  and  contractor  employees  that 
have  worked  in  a  DOE  culture  that  has  led  to  many  security  problems.  For  the  newly 
created  NNSA  to  be  more  effective,  it  must  break  out  of  the  culture  and  mindset  that 
permeates  DOE.  Otherwise,  security  problems  inherent  in  DOE  may  continue  in  NNSA. 


Background 

DOE  has  numerous  contractor-operated  facilities  and  laboratories  that  carry  out  various 
DOE  programs  and  missions.  The  laboratories  conduct  some  of  the  nation’s  most 
sensitive  activities,  including  designing,  producing,  and  maintaining  the  nation’s  nuclear 
weapons;  conducting  efforts  for  other  military  or  national  security  applications;  and 
performing  research  and  development  in  advanced  technologies  for  potential  defense
and  commercial  applications.  Because  of  these  sensitive  activities,  these  facilities--especially
the  laboratories--are  targets  of  foreign  espionage  efforts.

Security  concerns  and  problems  have  existed  at  many  of  these  facilities  since  they  were 
created,  and  recent  years  have  been  no  different.  In  1997,  DOE’s  Office  of  Security 
Affairs  issued  a  report  that  rated  safeguards  and  security  at  some  facilities  and 
laboratories  as  marginal  and  identified  problem  areas  that  included  physical  security  and 
accountability  for  special  nuclear  material.2,3  In  April  1999,  all  computer  networks
(except  for  those  performing  critical  safety  or  security  functions)  at  the  laboratories 
were  shut  down  because  of  concerns  about  inadequate  security.  During  that  same 
month,  we  testified  before  this  Committee  on  numerous  long-standing  safeguards  and 
security  problems,  including  ineffective  controls  over  foreign  visitors,  weaknesses  in 
efforts  to  control  and  protect  classified  and  sensitive  information,  lax  physical  security 
controls,  ineffective  management  of  personnel  security  clearance  programs,  and 
weaknesses  in  tracking  and  controlling  nuclear  materials.4  In  December  1999,  a  scientist
at  the  Los  Alamos  National  Laboratory  was  indicted  on  59  felony  counts  of  mishandling 
classified  information.  The  scientist  was  accused  of  transferring  files  from  Los  Alamos’ 
secure  computer  system  to  computer  tapes,  most  of  which  cannot  be  accounted  for.  The 
Secretary  of  Energy  has  taken  several  steps  to  improve  security  at  DOE’s  facilities, 
including  restructuring  the  headquarters  safeguards  and  security  organization, 
appointing  a  “Security  Czar,”  elevating  the  security  oversight  organization  to  report 
directly  to  the  Secretary,  upgrading  computer  security,  and  instituting 
counterintelligence  measures. 

To  a  larger  extent,  to  resolve  organizational  and  managerial  weaknesses  that  have  been 
identified  by  ourselves  and  others  as  the  causes  of  these  security  problems,  several 
options  for  reorganizing  DOE  have  been  proposed  and  studied.  For  example,  in  June
1999,  the  President’s  Foreign  Intelligence  Advisory  Board  proposed  a  semi-autonomous
nuclear  agency  within  DOE  with  a  streamlined  management  structure  and  field
operations.  On  October  5,  1999,  the  President  signed  the  National  Nuclear  Security
Administration  Act,  which  was  included  in  Public  Law  106-65.  This  act  created  NNSA,  a
separately  organized  agency  within  DOE.  In  January  2000,  DOE  issued  its
Implementation  Plan  to  create  NNSA.  As  envisioned  by  the  law,  the  Implementation
Plan  calls  for  three  program  offices  within  NNSA — Defense  Programs,  Defense  Nuclear
Nonproliferation,  and  Naval  Reactors.  The  Plan  also  sets  up  a  statutorily  required
security  support  office--the  Office  of  Defense  Nuclear  Security.  Overall,  the  Statute  and
Implementation  Plan  establish  a  structure  quite  similar  to  DOE’s.

2See  Status  of  Safeguards  and  Security  for  1996  (Jan.  27,  1997).

3The  Office  of  Security  Affairs  is  a  DOE  headquarters  organization  whose  functions  include  establishing
safeguards  and  security  policies  and  providing  advice  and  assistance  concerning  safeguards  and  security
programs.

4See  Department  of  Energy:  Key  Factors  Underlying  Security  Problems  at  DOE  Facilities,
(GAO/T-RCED-99-159,  Apr.  20,  1999).

DOE  has  overall  responsibility  for  a  security  program  that  effectively  protects  against 
theft,  sabotage,  espionage,  terrorism,  and  other  risks  to  national  security  at  its  facilities. 
DOE  has  policies  and  procedures  to  protect  its  facilities,  classified  documents,  data 
stored  in  computers,  nuclear  materials,  nuclear  weapons,  and  nuclear  weapons 
components.  The  operating  contractors  at  DOE’s  facilities  are  responsible  for 
implementing  these  safeguards  and  security  policies  and  procedures.  To  ensure  that 
these  policies  and  procedures  are  followed  and  implemented,  DOE’s  field  operations 
offices  and  the  Office  of  Independent  Oversight  and  Performance  Assurance  (the 
Independent  Oversight  Office)  provide  oversight  of  the  effectiveness  of  safeguards  and 
security  policy  and  its  implementation.  These  offices  play  a  critical  role  in  the  early 
detection  of  safeguards  and  security  problems  and  can  play  a  major  role  in  the  timely 
resolution  of  those  problems. 

DOE’s  field  operations  offices  are  the  line  organizations  accountable  for  evaluating  the 
laboratories’  safeguards  and  security  activities.  The  operations  offices  are  required  to 
conduct  an  annual  survey  of  the  adequacy  of  the  operating  contractors’  safeguards  and 
security  programs.  The  Independent  Oversight  Office  provides  oversight  of  laboratory 
safeguards  and  security  activities  from  DOE’s  headquarters.  The  Independent  Oversight 
Office  is  an  “independent”  oversight  organization  that  is  separate  from  the  line 
management  structure  and  conducts  safeguards  and  security  inspections  of  DOE 
facilities  and  issues  reports.  The  Independent  Oversight  Office  reports  directly  to  the
Secretary  of  Energy. 

Improvements  Needed  in  DOE’s  Security  Oversight

In  February  2000,  we  reported  to  this  Committee  that  DOE’s  oversight  of  security  at  its 
national  laboratories  needs  improvements.  Specifically,  improvements  are  needed  in 
DOE’s  security  management  information  system,  corrective  action  process,  and 
performance  rating  activities. 

Security  Management  Information  System 

DOE’s  Office  of  Security  and  Emergency  Operations--DOE’s  headquarters  safeguards  and
security  policy  organization--maintains  a  centralized  management  information  system  to
track  and  monitor  safeguards  and  security  findings  and  the  related  corrective  actions. 
However,  findings  developed  between  1995  and  1998  by  DOE’s  Independent  Oversight 
Office  are  not  included  in  this  system  nor  are  findings  and  recommendations  developed 
by  us  and  other  outside  organizations,  such  as  congressional  committees  and  special 
review  teams.  In  addition,  the  system  is  not  directly  accessible  by  security  staff  at  DOE’s 
area  offices  and  the  laboratories.  Each  laboratory  has  developed  its  own  information 
system  containing  data  on  findings  that  relate  to  their  laboratory.  As  a  result, 
information  about  problems  at  one  location  is  not  available  to  security  staff  at  other 
locations.  DOE’s  centralized  security  management  information  system  would  be  of  more 
value  if  it  contained  information  on  all  security  findings.  Such  information  would  help 
them  avoid  similar  problems  and  improve  their  safeguards  and  security. 

Corrective  Action  Processes 


DOE  requires  that  the  laboratories  conduct  a  risk  assessment,  a  root  cause  analysis,  and 
a  cost-benefit  analysis  as  part  of  their  process  to  correct  safeguards  and  security 
problems  found  by  DOE’s  oversight  activities.  These  analyses  help  to  ensure  that 
safeguards  and  security  problems  are  corrected  in  an  economic  and  efficient  manner.
Despite  their  importance,  these  assessments  and  analyses  have  not  always  been 
conducted.  For  example,  at  the  Los  Alamos  National  Laboratory,  we  found  that  root 
cause  analyses  had  been  performed  for  only  about  two-thirds  of  the  security  findings  we 
reviewed.  Risk  assessments  and  cost-benefit  analyses  had  not  been  performed  for  any  of 
the  Los  Alamos  National  Laboratory  findings  we  reviewed.  The  Los  Alamos  National 
Laboratory  began  requiring  root  cause  analyses  in  1998,  and,  according  to  laboratory 
officials,  began  requiring  risk  assessments  since  we  completed  our  review.  Formal  cost-benefit
analyses  are  still  not  conducted.  As  a  result,  Los  Alamos  National  Laboratory
cannot  determine  whether  correcting  a  security  risk  is  worth  the  cost  of  the  corrective 
action. 

In  addition,  the  Independent  Oversight  Office  is  not  required  to  and,  in  the  past,  has 
generally  not  worked  with  the  laboratories  to  develop  corrective  action  plans  for  its 
safeguards  and  security  findings.  Also,  this  office  is  not  required  to  and  has  not  been 
formally  involved  in  validating  the  corrective  action,  verifying  that  the  problem  was 
corrected,  and  certifying  that  its  findings  were  closed.  During  the  past  year,  the 
Independent  Oversight  Office  has  worked  with  the  laboratories  to  develop  corrective 
action  plans  and  has  conducted  follow-up  reviews  of  its  findings  that  are  being 
corrected,  validated,  verified,  or  closed  by  the  operations  offices.  However,  the 
Independent  Oversight  Office  still  has  not  become  involved  in  validating  and  verifying 
corrective  actions  and  certifying  that  findings  are  closed.  Therefore,  the  Independent 
Oversight  Office  has  no  assurance  that  the  problems  were  adequately  corrected  and 
closed. 

DOE  Performance  Ratings  Activities 

From  1994  through  1999,  DOE’s  nuclear  laboratories  have  received  many  different 
assessments  of  the  effectiveness  of  their  safeguards  and  security  programs.  For 
example,  in  1998  Los  Alamos  National  Laboratory  received  ratings  ranging  from  marginal 
to  excellent  depending  on  the  DOE  organization  conducting  the  assessment.  Likewise, 
in  1996  Lawrence  Livermore  National  Laboratory  received  ratings  ranging  from  marginal
to  far  exceeds  expectations.  This  inconsistency  can  send  a  mixed  and/or  erroneous 
message  to  policy  makers  and  managers.  At  least  partially,  this  inconsistency  results 
from  various  organizations’  use  of  different  criteria  and  the  timing  of  the  rating.  DOE 
has  changed  the  rating  criteria  for  the  year  2000  safeguards  and  security  contract 
performance  rating.  These  changes  could  decrease  rating  inconsistency  in  future  years. 

Security  Issues  With  NNSA 

Now  I  would  like  to  discuss  security  issues  related  to  NNSA.  NNSA  was  established  as  a 
semi-autonomous  agency  that  was  to  be  distinct  from  DOE.  To  clearly  show  the 
separation  of  NNSA  management  from  DOE’s  organization,  the  Act  laid  out  chains  of 
command  in  both  DOE  and  NNSA  that  would  insulate  NNSA  from  DOE  management  and 
decisionmaking,  except  at  the  level  of  the  NNSA  Administrator.  This  is  because  the 
Administrator  is  under  the  immediate  authority  of  the  Secretary.  We  have  two  concerns. 
First,  the  Implementation  Plan  fills  numerous  key  positions  within  NNSA  with  DOE 
officials--thus,  these  officials  have  DOE  and  NNSA  responsibilities  and  have  been  dubbed
“dual-hatted.”  Second,  the  relationship  of  the  existing  DOE  organization  that  provides 
safeguards  and  security  oversight  to  NNSA  is  unclear. 

Dual-hatted  Positions 


The  Implementation  Plan  calls  for  dual-hatting  of  virtually  every  significant  statutory 
position,  including  the  Deputy  Administrators  for  Defense  Programs  and  Nuclear 
Nonproliferation.  In  addition,  the  Director  of  NNSA’s  Office  of  Defense  Nuclear  Security 
will  also  be  a  dual-hatted  position.5  The  Implementation  Plan  explains  that  the  “dual-hatted”
positions  were  established  to  ensure  consistent  policy  implementation  and  to
ensure  seamless  DOE  and  NNSA  responses  to  emergencies.  However,  in  our  view,
officials  holding  similar  positions  concurrently  in  DOE  and  NNSA  is  contrary  to  the
legislative  intent  behind  the  creation  of  NNSA  as  a  separate  entity  within  DOE.

5Other  dual-hatted  positions  include  the  Directors  of  the  Office  of  Defense  Nuclear  Counterintelligence,
the  Office  of  Emergency  Operations,  the  General  Counsel  and  Deputy  General  Counsel,  and  Field  Office
Managers  in  charge  of  the  Oak  Ridge,  Savannah  River,  and  Oakland  offices.

Moreover,  to  reinforce  the  two  separate  channels  of  management,  the  Act  states  that  no 
NNSA  officer  or  employee  shall  be  responsible  to,  or  subject  to  the  authority,  direction, 
or  control  of  any  DOE  officers  or  employees  other  than  the  Secretary  and  the 
Administrator. 

Whether  DOE  and  NNSA  have  dual-hatted  managers  or  not,  the  Implementation  Plan 
does  not  clearly  define  how  officials  that  are  responsible  for  both  NNSA  and  DOE 
activities  will  operate.  Furthermore,  whether  NNSA  security  officials  will  establish  their 
own  set  of  policies  and  procedures  or  use  existing  DOE  security  policies  and  procedures 
is  not  clear.  A  Congressional  Research  Service  memo  commented  that,  in  some  areas, 
such  as  counterintelligence,  both  DOE  and  NNSA  have  authority  to  develop  policy  and 
procedures.  This  raises  the  prospect  of  two  different  sets  of  security  policy  and 
procedures,  DOE’s  and  NNSA’s,  being  implemented  at  DOE’s  facilities  that  perform  both 
DOE  and  NNSA  missions. 

Security  Oversight  of  NNSA 

Significant  questions  remain  in  the  Implementation  Plan’s  discussion  of  the  role  of  the 
Independent  Oversight  Office.  The  Implementation  Plan  states  that  this  oversight 
organization  will  remain  in  DOE.  According  to  the  Implementation  Plan,  the 
Independent  Oversight  Office  will  review  all  DOE  and  NNSA  sites  and  activities  and  will 
report  its  findings  and  recommendations  to  the  Secretary.  How  the  recommendations 
are  to  be  handled  by  NNSA,  however,  is  not  discussed.  The  Independent  Oversight 
Office  has  raised  concerns  that,  unless  specifically  directed  by  the  Secretary,  NNSA  is 
not  required  to  act  on  oversight  findings  and  recommendations  and  thus  might  take  no 
action.  The  Independent  Oversight  Office  is  attempting  to  change  DOE  Order  470.2, 
“Safeguards  and  Security  Independent  Oversight  Program,”  to  require  NNSA  to  correct 
safeguards  and  security  problems  identified  during  its  inspections.  However,  depending 
on  how  the  order  is  changed,  this  could  set  up  a  relationship  which  would  be 
inconsistent  with  the  provisions  in  the  Act  that  prohibit  NNSA  personnel  from  being 
subject  to  the  authority,  direction,  or  control  of  any  DOE  staff  other  than  the  Secretary
and  the  Administrator.  In  addition,  while  amending  the  order  may  require  NNSA  to  act 
on  findings  and  recommendations  from  the  Independent  Oversight  Office,  it  will  not  fix 
the  same  problem  for  other  oversight  offices,  such  as  the  office  that  oversees 
environment,  safety,  and  health. 

The  day-to-day  working  relationship  between  the  Independent  Oversight  Office  and 
NNSA  is  also  unclear.  For  example,  the  Independent  Oversight  Office  inspects  DOE 
facilities  and  when  safeguards  and  security  problems  are  found,  works  with  the 
operating  contractor  at  the  facility  in  developing  a  corrective  action  plan.  DOE’s 
Implementation  Plan  provides  no  guidance  on  whether  such  relationships  between 
oversight  organizations  and  NNSA  should  continue  to  exist. 

In  summary,  DOE’s  Implementation  Plan  establishes  a  framework  for  the  creation  of 
NNSA  and  its  security  program,  but  it  is  not  really  a  detailed  roadmap  and  significant 
questions  remain  about  the  relationship  between  NNSA  and  DOE’s  security 
organizations. 


Our  work  on  DOE’s  oversight  of  safeguards  and  security  was  performed  from  June 
through  December  1999,  and  our  work  on  the  establishment  of  NNSA  was  performed 
during  February  2000  in  accordance  with  generally  accepted  government  auditing 
standards.  Mr.  Chairman,  this  concludes  my  testimony.  We  would  be  happy  to  respond 
to  any  questions  that  you  or  Members  of  the  Subcommittees  may  have. 